Data Governance (1-19)
Eng. Abdulaziz Aldukhayyil
Innovative Engineer ? IT MBA ? PMP? ? BPM ? AI
???#DataGovernance (1)??
Employee is not allowed to share (verbally or written) internally initiated business development ideas with external parties unless they are official stakeholders of the related projects.
???#DataGovernance (2)??
Employee should not market or tell about a newly developed product without the approval of the business owner.
???#DataGovernance (3)??
Legal department is not allowed for cases raised by employees to share them with the HR department or else without a clear consent from the case owner.
???#DataGovernance (4)??
Data should not be classified as top secret if the caused damages of its exposure can be recovered within half a decade (five years).
???#DataGovernance (5)??
Navigation data for Security or Armed forces should be dealt with while doing their tasks as Top Secret.
???#DataGovernance (6)??
Open data is one that is ordered by law to be made available to the public, such as stock exchanges. According to the information security famous tripod: (availability, integrity, confidentiality) open data requires a high level of attention to its availability, integrity while ensuring the declassification.
???#DataGovernance (7)??
When an executive refuses to accept ownership of data that is counted in the KPI of his or her unit or competes for it with another executive, the final say comes from the Data Governance Steering Committee.
???#DataGovernance (8)??
The source codes of software or applications are data that is owned by the nearest executive manager. Also, he bears responsibility for approving the production of the new releases.
???#DataGovernance (9)??
Data governance can be defined from a results perspective, as all processes required to ensure storing and exchanging undamaged data necessary for the organization between the concerned people in more secure ways. Based on this definition, unnecessary data should not be stored, and the data should be secured from which may affects its integrity or exposes it to non-concerned people.
???#DataGovernance (10)??
Not all data leaks are made by ordinary employees; some are made by executives in hard-to-detect ways. A senior executive seeking to strengthen his power externally may need to hire a series of loyal managers and employees to reach the sources of data and provide him in unauthorized ways with the information he needs. And because the leakage process is accompanied by the exchange of benefits or promises of them, adventures usually occur, especially from those close to the data sources. And when these adventures begin to be revealed, these adventurers are sacrificed before the leakers chain is exposed.
???#DataGovernance (11)??
领英推荐
Mature organizations that process vast amounts of data and have experienced or heard of the consequences of rights violations and heavy losses as a result of data exposure or alteration have realized that the ideal way to avoid this is to create a specialized entity called the Data Governance Office linked to the Board of Directors and a committee emanating from it to take the necessary decisions in data governance. This is what the National Data Management Office?#ndmo?associated with?#SDAIA?is calling for.
???#DataGovernance (12)??
Data leakers have personality patterns that can be explained by their attempts to distract attention or forget them. For example, you notice that the leaker is very keen not to enter any system through his personal account but rather asks others. Also, he does not prefer to send a sensitive report to him alone, but to be part of a mailing group. If he is a manager, you will find him asking his employees to enter their accounts to provide him with the reports and data he wants, and usually those in his close circle are those who need the job and who have weaknesses in their principles. The leaky manager is distinguished by his introversion, untransparency, his brief responses, his shirking of tasks, the delegation of responsibility, and his illogical insistence on his demands during meetings. But if the leaker is an ordinary employee, then he is characterized by a negative social personality and often insults others to divert attention from other things that he hides. In general, you do not find that the leaker is keen on enriching or informing others as much as he is keen not to let out a word indicating his knowledge of information that others do not see.
???#DataGovernance (13)??
Organizations single out a data governance unit to remove an excessive burden from the information security department, which is not supposed to be concerned with, for discovering and classifying proliferating and increasing numbers of data and thus setting controls on them. Also, to add control authority that the Information Technology Department does not possess over controlling duplicate copies of data in other departments, which are used as alternative sources that may not be synchronized with the original sources, or those amounts of data that are not needed or are no longer necessary for the continuity of the organization’s business, and therefore add cost burdens of storing them.
???#DataGovernance (14)??
Data lakes are places where raw data is located from which related data is extracted, such as images received from satellites, geological surveys, or traffic cameras. A preliminary process (cleansing) takes place for such raw data to extract the needed data and exclude excesses using artificial intelligence techniques or logical and statistical operations. Next, it is decomposed and structured then stored in data warehouses to enable the query procedures and mining operations to extract specific information.
Data governance is not absent from this framework. The cleansing or mining processes involve a lot of accumulated and wasted data. Whether an organization owns or leases data lakes and repositories, whoever deals with it, the data owner and custodian must follow governance guidelines that cover all aspects of the data lifecycle.
???#DataGovernance (15)??
Fourth Clause:
I apologize for not translating the above Arabic script because I am not an authorized translator of Saudi laws.
???#DataGovernance (16)??
SELECT * FROM Employees
Above is a simple SQL statement to retrieve employee information. When applying effective governance, the information of the person who performed the retrieval process will be stored with the time stamp. When he does not have an approved document to carry out this retrieval process, he is questioned.
??#DataGovernance?(17)??
#InformationSecurity #Politics #WTO?#WorldTradeCenter?#WorldTrade #ECommerce?#Internet #ComputerEngineering #ComputerArchitecture #Data?#NetworkEngineering #SDAIA?#NDMO
Among the practices of major or aspiring countries, or those spying for their benefit or for others is to sponsor the manufacture of internet-connected-devices, or the development of service and social applications in order to collect vital data about countries such as places of interest, people's cultures and behaviors using their devices and applications. On the other hand, E-commerce has made it easier for buyers to find goods they need from all around the world. Moreover, the number of high-quality shipping companies has multipled. All of above has led to a vast growth of international trading and pressured in a way that made it impossible to control the passage of these devices. For this reason, some targeted countries such as China resort to banning these devices or applications coming from the competitor countries.
While security tests for applications have become more advanced through penetration testing and source code scanning, such tests are not available at the hardware level, where the device manufacturer can insert an integrated circuit (IC) or few transistors on the same motherboard that is used by the device software so that scanning tests fail to discover for the purpose of espionage and data collection
The World Trade Organization must find solutions for the possibility of conducting security tests on Internet-connected-devices, whether they contain electronic circuits with fixed programming (#ASIC) or programmable (#FPGA). The organization can cooperate with accredited organizations to prepare standards such as?#ISO?and?#IEEE?to agree on an international standard for the design of electronic boards that facilitates the process of security testing, or discuss the possibility of preventing unidentified electronic circuits from using the MAC address of the device during data transmissions, or discuss the possibility of identifying and stopping unfamiliar movements through the data buses.
???#DataGovernance (18)??
Most preventive policies and procedures, such as cyber security or data governance, are based on anticipating risks and then managing them according to their assessment, either by avoiding, transferring, mitigating, or accepting them. Risk forecasting requires a lot of analysis and thinking tools. One of the tools that was not mentioned in any of the risk management books, and this is the first time it was mentioned, is the use of proof by contradiction. The method of "proof by contradiction" expresses that it is sufficient to prove a hypothesis by proving its opposite false. This tool is used to prove mathematical expressions as well as in other fields such as law.
This method is also used to solve some math problems, and I personally used it to solve a question in Secondary school tests in 1996 required proof of a theory in plane geometry, that if a straight line is perpendicular to two other straights, then it is perpendicular to the plane that combines them. I assumed that the opposite of the theory is correct, that is, it is not perpendicular to the plane. However, when drawing any line in the plane that passes through the straight line, the angle between them is equal to 90°, that is, it is perpendicular to it, and thus the assumption is dropped and the theory is confirmed.
???#DataGovernance (19)??
Once the employee is accepted into the facility, his personal, financial and legal information becomes protected by human resources and may not be disclosed without the employee's permission. Some may, in order to spoil the relationship between the employee and his manager, disclose some of this information in order to control a particular conflict.
#DearManager?Do not listen to those who violate the rights of your employees. Instead, set achievable objectives and performance measures for the employee.